Following the recent WannaCry Ransom attack that hit the world on Friday, May 14, the Ministry of Information and Technology has moved to reassure the public that the government computer systems and network were not affected.
Speaking during a Cyber-Security and Banking Forum organized by Citibank and the ICT Authority on Tuesday morning, ICT Cabinet Secretary Joe Mucheru said the government was keenly following on the encryption malware. The malware is reported to have effectively disabled over 200,000 computers running on Windows operating system in over 150 countries. This could number could, however, be higher as millions of people returned to work on Monday in what has been described as ‘’the biggest ransomware attack ever’’
WannaCry is the most high-profile example of a type of attack that security analysts had predicted would surge in 2017 after a substantial uptick in such attacks in 2016, the Washington Post reported.
The Cabinet Secretary, however, said the government has heightened its cyber monitoring and surveillance mechanisms to prevent and eliminate any remote possibility of attack.
Speaking at the same forum, Michael Mutiga, Managing Director, Corporate and Investment Banking at Citibank said that the creation of a shared industry reporting structure was the next phase in the evolution of Cyber-security awareness in Kenya.
“Breach notification is an important factor in the entire process of cyber-risk management. We have seen other markets develop mechanisms to share this data, within set parameters for the benefit or the industry and overall economy”, he said.
At the event Mucheru pointed out that although the financial services sector relied heavily on various financial technology to link to each other and the larger economy, it was yet come up to par in terms of Cyber-risk preparedness.
“With more than 75.3% of Kenyan citizens included in the formal financial services in the country, one would logically expect a corresponding increase in cyber security investments in the industry, statistics indicate this is not the case currently”, explained Mucheru.
Mucheru further challenged the financial service sector to improve information sharing and reporting on cybersecurity breaches
“Collaboration is taking place on an international level- attacking a global threat through combining the capabilities of companies and banks across the world. The information Sharing and Analysis Centers (ISACs) for instance, share information not only internationally, but also across sectors, said Edward Kiptoo, Citi’s Lead Information Security Officer for the Middle East and Africa.
The Kenya Cyber Security Report 2016 by Serianu indicated that about 44% of financial institutions run on a cyber-security budget of a paltry USD1 to USD1,000 annually, whilst another 33% of financial institutions in Kenya have zero spending on all matters cyber security. The report further noted that a whopping USD175 million has been pilfered from Kenya’s economy by savvy cybercriminals.
Estimates show that cybercrime could cost the global economy up to USD575 billion in 2017.
Investigations into the WannaCry ‘’ransomware’’ cyber attack is ongoing. Recent reports, however, say cybersecurity researchers have found technical clues that could link North Korea to the global attack.
Symantec and Kaspersky Lab told Telegraph on Monday that some code in an earlier version of the WannaCry software had also appeared in programs used by the Lazarus Group, which researchers from many companies have identified as a North Korea-run hacking operation.